Reduce use of lib.optionalString

2026-03-22 15:29:07 +01:00 · 2026-01-31 19:26:36 +01:00 · 2026-01-31 19:26:36 +01:00 · 018565dd38
commit 018565dd38
parent 31bc84ee6c
2 changed files with 24 additions and 25 deletions
--- a/modules/system/services/auto-gc.nix
+++ b/modules/system/services/auto-gc.nix
@ -18,8 +18,8 @@ in
          [
            "--keep 10"
            "--keep-since 7d"
-            (lib.optionalString cfg.onlyCleanRoots "--no-gc")
          ]
+          ++ lib.optional cfg.onlyCleanRoots "--no-gc"
          |> lib.concatStringsSep " ";
      };
    };
--- a/modules/system/services/caddy.nix
+++ b/modules/system/services/caddy.nix
@ -13,11 +13,6 @@ let
  publicHostsExist = virtualHosts |> lib.any (vHost: (!self.lib.isPrivateDomain vHost.domain));
  privateHostsExist = virtualHosts |> lib.any (vHost: self.lib.isPrivateDomain vHost.domain);

-  webPorts = [
-    80
-    443
-  ];
-
  mkVirtualHost =
    {
      domain,
@ -28,24 +23,25 @@ let
    }:
    lib.nameValuePair domain {
      logFormat = "output file ${config.services.caddy.logDir}/${domain}.log { mode 640 }";
-      extraConfig = lib.concatLines [
-        (lib.optionalString (self.lib.isPrivateDomain domain) (
+      extraConfig =
        let
          certDir = config.security.acme.certs.${domain}.directory;
        in
-          ''
-            tls ${certDir}/fullchain.pem ${certDir}/key.pem
-            bind ${config.custom.networking.overlay.address}
-          ''
-        ))
-        (lib.optionalString (port != null) "reverse_proxy localhost:${toString port}")
-        (lib.optionalString (files != null) ''
-          root * ${files}
-          encode
-          file_server
-        '')
-        (lib.optionalString (extraConfig != null) extraConfig)
-      ];
+        [
+          (lib.optionals (self.lib.isPrivateDomain domain) [
+            "tls ${certDir}/fullchain.pem ${certDir}/key.pem"
+            "bind ${config.custom.networking.overlay.address}"
+          ])
+          (lib.optional (port != null) "reverse_proxy localhost:${toString port}")
+          (lib.optionals (files != null) [
+            "root * ${files}"
+            "encode"
+            "file_server"
+          ])
+          (lib.optional (extraConfig != null) extraConfig)
+        ]
+        |> lib.concatLists
+        |> lib.concatLines;
    };
 in
 {
@ -95,7 +91,10 @@ in
          message = "Each caddy virtual host must set exactly one of `port` or `files`";
        };

-        networking.firewall.allowedTCPPorts = lib.mkIf publicHostsExist webPorts;
+        networking.firewall.allowedTCPPorts = lib.mkIf publicHostsExist [
+          80
+          443
+        ];

        services.caddy = {
          enable = true;